security by design – WindowsTechs.com

Network security in Docker containers

Posted on January 9, 2024 by apostolescus

I am currently involved in enhancing the security of a Docker-based web application.The application follows a traditional three-tier architecture, comprising a web app, an application layer, and a database—all operating on the same VM. A f… Continue reading Network security in Docker containers→

Why are HMAC signatures frequently used for webhook authorization but not other HTTP API requests?

Posted on December 8, 2023 by Paul Draper

HMAC signatures are very commonly used for webhook authorization from service to consumer.
Examples:

Stripe
Slack
Twilio
Twitter
GitHub

and hundreds and hundreds more. This seems a near universal design decision.
Yet, the other direction… Continue reading Why are HMAC signatures frequently used for webhook authorization but not other HTTP API requests?→

Is IBM’s "Security and Privacy by Design" practices based on any earlier standard or guideline?

Posted on December 2, 2022 by Daniel S. Fowler

The following process overview schematic is derived from IBM’s Security in Development The IBM Secure Engineering Framework, but I think I’ve seen a very similar process diagram before, though I cannot find it or remember it. Would this IB… Continue reading Is IBM’s "Security and Privacy by Design" practices based on any earlier standard or guideline?→

Are there any defined approaches to identify security requirements of a system? [closed]

Posted on February 7, 2022 by Nabil

Are there any defined approaches that help you identify security requirements given that you have a specific decription of a system design? After a little research, I found OWASP Application Security Verification Standard. I am sure that t… Continue reading Are there any defined approaches to identify security requirements of a system? [closed]→

Do we need threat modelling after following ASVS standard?

Posted on December 16, 2021 by Andy Dufresne

We are planning to lay out guidelines in our organisation for everyone to follow a secure software development lifecycle. As part of this, we plan to adopt the security knowledge framework (SKF) that provides a checklist based on the ASVS … Continue reading Do we need threat modelling after following ASVS standard?→

How can I verify the hash of the plain text without being able to decrypt the cipher text?

Posted on December 15, 2021 by david_adler

I am building an E2EE chat app where there is one asymmetric key pair per group and one asymmetric key pair per user. All messages in a group chat are encrypted with the group public key and decrypted with the group private key.
When Alice… Continue reading How can I verify the hash of the plain text without being able to decrypt the cipher text?→

A Journey in Organizational Resilience: Security by Design

Posted on November 1, 2021 by George Platsis

Security by design is one of those concepts that happily goes hand in hand with resilience. Candidly, they were made for each other. The security by design methodology helps minimize some of the inherent risk we cannot do anything about. Building on a Tectonic Plate Consider for a moment you absolutely had to construct something […]

The post A Journey in Organizational Resilience: Security by Design appeared first on Security Intelligence.

Continue reading A Journey in Organizational Resilience: Security by Design→

July 2021 Security Intelligence Roundup: Ransomware, Security by Design and How to Analyze in Windows With Frida

Posted on July 29, 2021 by Megan Crouse

Getting and staying ahead of threat actors means knowing the cybersecurity landscape. Today, that still often means ransomware and changing the ways and places we work. July’s top stories include a supply chain attack from the REvil ransomware gang and how to fold security into design. We also have a deep dive into password safety, […]

The post July 2021 Security Intelligence Roundup: Ransomware, Security by Design and How to Analyze in Windows With Frida appeared first on Security Intelligence.

Continue reading July 2021 Security Intelligence Roundup: Ransomware, Security by Design and How to Analyze in Windows With Frida→

How to Use Design Thinking for Next-Gen Privileged Access Management Architecture

Posted on July 14, 2021 by Pierre Magnan

As cyberattacks speed up and become more complex, defenders need to do the same. One large component of this is privileged access management, or PAM. But PAM itself is always evolving. So how does your security operations center (SOC) keep up? And, what are the best, most modern ways to implement PAM today? What Is […]

The post How to Use Design Thinking for Next-Gen Privileged Access Management Architecture appeared first on Security Intelligence.

Continue reading How to Use Design Thinking for Next-Gen Privileged Access Management Architecture→